<?php

if (!defined('BASEPATH'))
    exit('No direct script access allowed');

if (!function_exists("check_permission_backend")) {

    function check_permission_backend($permission) {
        if (check_login(base_url('/admincp'))) {
            $user_login = $_SESSION['frontend']['User'];
            $content = file_get_contents(API_URL."binding/get_user/?username=" . $user_login['UserName']);
            $response = json_decode($content);
            $suc = false;
            if ($response->code > 0) {
                $suc = true;
                $data = $response->data;
                if (empty($data)) return FALSE; //access denied
                
                if($data->Active=='false') return FALSE; //access denied
                
                if (is_array($permission)) {
                    if (!in_array($data->Privilege, $permission)) return FALSE; //access denied
                } else {
                    if ($data->Privilege != $permission) return FALSE; //access denied
                }
                $_SESSION['frontend']['User']['Permission'] = $data->Privilege;
            }
            if($suc) return TRUE;            
            return FALSE; //access denied
        }
    }

}

if (!function_exists("check_login")) {

    function check_login($return_url = '') {
        $user_login = $_SESSION['frontend']['User'];
        if (empty($user_login)) {
            if ($return_url != '') {
                header("location: /authorize?act=login&state=" . $return_url);
            } else {
                header("location: /authorize?act=login");
            }
        } else {
            return true;
        }
    }

}
?>
